Method for using communication channel round-trip response time for digital asset management

ABSTRACT

The present method for using communication channel round-trip response time for digital asset management utilizes a predetermined distance between a sending device and a receiving device to prevent unauthorized receipt of digital content when the unauthorized receiving device is located beyond the predetermined distance. When the receiving device requests digital content from the sending device, the sending device replies with a request for an acknowledgement. The receiving device sends the requested acknowledgement. The time between sending the request for an acknowledgement and receipt of the acknowledgement is the actual round-trip response time. The actual round-trip response time is compared to a predetermined response time limit for the predetermined distance and if the actual response time is within the predetermined response time limit, the request for digital content is granted and if the actual round-trip response time is not within the predetermined response time limit, the request for digital content is denied.

FIELD OF THE INVENTION

[0001] This invention relates to digital communication and more specifically, to protecting digital content from unauthorized distribution outside of a geographic region.

PROBLEM

[0002] It is a problem in the field of digital communication to prevent unauthorized access to digital content sent from a sending device to a receiving device over an insecure communication channel while also providing digital content delivery upon request.

[0003] Often, the geographical area within which the digital content is distributed and available for receipt by receiving devices is known, for example, a single home, a secure building or a campus of buildings. When distributing the digital content over an insecure communication channel from the sending device to the receiving device within the geographical area, traditional digital rights management systems use digital authentication, such as shared secrets and key exchange, to verify that the receiver is authorized to receive the digital content. Examples include PGP (Pretty Good Privacy), Kerberos, DTCP (Digital Transmission Content Protection) and HDCP (High-Bandwidth Digital Content Protection).

[0004] The insecure electronic communication channels are used to share part of those secrets to ensure to the sending device that it trusts the receiving device. The communication channel over which the digital content is transferred may be any electronic channel such as the electronic links using the Internet Protocol (IP). Many of the communication channels, including those using IP, do not include a method for determining whether the receiving device is located near or far away from the sending device. The receiving device may be a receiving device located anywhere on the global Internet.

[0005] A problem arises when the authentication method used by the sending device to authenticate the receiving device is compromised. If an unauthorized receiving device acquires the shared secret or the exchanged key, the unauthorized receiving device may use the shared secret or the exchanged key to convince the sending device that the unauthorized receiving device is authorized to receive the digital content. Therefore, it is possible for the sending device to unknowingly send the digital content to an unauthorized receiving device located anywhere on the global Internet. Traditional digital authentication fails to provide an added layer of security wherein the sending device determines whether the authenticated receiving device is within a predetermined area and therefore authorized to receive the distributed digital content.

[0006] For this reason, a need exists for a method for preventing distribution of digital content from a sending device to a receiving device located outside of a predetermined area.

SOLUTION

[0007] The present method for using communication channel round-trip response time for digital asset management utilizes a predetermined distance between the sending device and the receiving device to prevent unauthorized receipt of the digital content when the unauthorized receiving device is located beyond the predetermined distance from the sending device. When the receiving device requests digital content from the sending device, the sending device replies to the receiving device with a request for an acknowledgement. In response to the request for an acknowledgement, the receiving device sends the requested acknowledgement to the sending device. The time between sending the request for an acknowledgement to the receiving device and receipt of the acknowledgement is the actual round-trip response time. The actual round-trip response time is compared to a predetermined response time limit and if the actual response time is within the predetermined response time limit, the request for digital content is granted and digital content is sent to the requesting receiving device. If the actual round-trip response time is not within the predetermined response time limit, the request for digital content is denied and digital content is not sent to the requesting receiving device.

BRIEF DESCRIPTION OF THE DRAWINGS

[0008] FIG. 1 is a diagram of the round-trip response time in accordance with the present method for using communication channel round-trip response time for digital asset management;

[0009] FIG. 2 illustrates an example of receiving devices located a predetermined distance from the sending device in accordance with the present method for using communication channel round-trip response time for digital asset management;

[0010] FIG. 3 illustrates an example of receiving devices located within defined geographical areas in accordance with the present method for using communication channel round-trip response time for digital asset management;

[0011] FIG. 4 illustrates another example of receiving devices located within defined geographical areas in accordance with the present method for using communication channel round-trip response time for digital asset management; and

[0012] FIG. 5 is a flow diagram illustrating the present method for using communication channel round-trip response time for digital asset management.

DETAILED DESCRIPTION

[0013] The present method for using communication channel round-trip response time for digital asset management summarized above and defined by the enumerated claims may be better understood by referring to the following detailed description, which should be read in conjunction with the accompanying drawings. This detailed description of the preferred embodiment is not intended to limit the enumerated claims, but to serve as a particular example thereof. In addition, the phraseology and terminology employed herein is for the purpose of description, and not of limitation.

[0014] Traditional digital rights management systems authenticate receiving devices based on shared secrets or exchanged keys. Examples of traditional digital rights management authentication methods include Pretty Good Privacy (PGP), Digital Transmission Content Protection (DTCP) and High-Bandwidth Digital Content Protection (HDCP) link-copy-protection systems. Insecure electronic communication channels are used to share part of those secrets to ensure to the sending device that it trusts the receiving device. However, electronic channels, such as the IP based Internet, allow the sending devices and the receiving devices to be located anywhere in the world. When the shared secret key is compromised, it is possible for unauthorized receiving devices to use the compromised secret key to convince the sending device that the unauthorized receiving device is authorized to receive the digital content.

[0015] The present method for using communication channel round-trip response time for digital asset management utilizes a predetermined distance between the sending device and the receiving device to prevent unauthorized receipt of the digital content when the unauthorized receiving device is located beyond the predetermined distance from the sending device. Referring to FIG. 1, the receiving device requests digital content from the sending device. Upon receipt of the request for digital content, the sending device replies to the receiving device with a request for an acknowledgement. In response to the request for an acknowledgement, the receiving device sends the requested acknowledgement to the sending device. The time between sending the request for an acknowledgement to the receiving device and receipt of the acknowledgement is the round-trip response time. In other words, if the request for an acknowledgement is sent at time T1 as shown in FIG. 1, and the acknowledgement is received by the sending device at T2, the round-trip response time is the difference between T1 and T2.

[0016] In the example illustrated in FIG. 2, the receiving device 75 has a physical address representing the location of the receiving device 75, and the physical address is known by the sending device 50. Based on the known physical address, sending device 50 determines a distance between sending device 50 and receiving device 75 to further identify receiving device 75. The predetermined distance between sending device 50 and receiving device 75 has a corresponding predetermined response time limit. By calculating the actual round-trip response time using the difference between T1 and T2, and comparing the actual round-trip response time to the predetermined response time limit, sending device 50 is able to determine if receiving device 75 is located within the predetermined distance. If the receiving device is within the predetermined distance from sending device 50, sending device 50 grants the requests for digital content. If the receiving device is not within the predetermined distance from sending device 50, sending device 50 denies the requests for digital content. Using the physical location of receiving devices to determine whether or not the sending device trusts the receiving device limits the number of security breaches to those receiving devices located within the same distance from the sending device as the authorized receiving device 71, such as receiving device 73 in this example. Receiving devices having a distance between the receiving device and the sending device that is greater than or less than the predefined distance, i.e. receiving devices 71, 81 and 91, would not have the ability to breach the added layer of security, and therefore would not receive requested digital content even when the receiving device is authenticated using compromised secrets.

[0017] In another embodiment, geographical areas are used in place of predetermined distances between the sending device and the receiving device. Referring to the example of receiving devices located within defined geographical areas illustrated in FIG. 3, a sending device 50 may send digital content to receiving devices in more than one geographical area. Each geographical area has a predetermined round-trip response time corresponding to the geographical area. In this example, receiving devices within the predefined geographical areas 60, 70 and 80 are assigned the predetermined response time limit corresponding to the geographical area in which they are located.

[0018] Referring to FIG. 2 in conjunction with the flow diagram of FIG. 5, in step 100 sending device 50 located within geographical area 60 receives a request for digital content from receiving device 71 which is located within geographical area 70. Upon receipt of the request for digital content, sending device 50 sends a request for acknowledgement in step 102 to receiving device 71. Substantially simultaneously the sending device 50 records the time in step 104 at which the sending device sent the request for an acknowledgement to receiving device 71. In response to receiving the request for an acknowledgement, in step 106 receiving device 71 sends the requested acknowledgement to sending device 50. Substantially simultaneously to receiving the requested acknowledgement in step 108, sending device 50 records the time at which sending device 50 receives the acknowledgement in step 110.

[0019] Using the time recorded in step 104 for sending the request for an acknowledgement and the time recorded in step 110 corresponding to receiving the acknowledgement, the sending device calculates an actual round-trip response time in step 112. The calculated actual round-trip response time is compared to the predetermined response time limit for the geographical area in which receiving device 71 is located, geographical area 70 in this example. If the actual round-trip response time is within the predetermined response time limit in step 114, the request for digital content is granted in step 118. However, if the actual round-trip response time exceeds the predetermined response time limit in step 114 for geographical area 70, the request for digital content is denied in step 116. Use of the present method for using communication channel round-trip response time for digital asset management adds an additional layer of security for digital content distributed over insecure communication channels over and above the traditional Digital Rights Management (DRM) systems. Security breaches would be limited to receiving devices within predetermined geographical area 70, i.e. receiving devices 72 and 73. Receiving devices located within predetermined geographical areas 60 and 80 would not have the ability to breach the added layer of security.

[0020] In another example illustrated in FIG. 4, sending device 50 receives a request for digital content from receiving device 83. In this example, receiving device 83 has previously compromised receiving device 71 and is using the secret or secret keys of receiving device 71 to convince sending device 50 that receiving device 83 is authorized to receive the requested digital content. Upon receipt of the request for digital content, sending device 50 sends a request for an acknowledgement from receiving device 83. Upon receipt of the request for an acknowledgement, receiving device 83 sends an acknowledgement to sending device 50. As previously described, upon receipt of the acknowledgement, sending device 50 calculates an actual round-trip response time and compares the actual round-trip response time to the predetermined response time limit corresponding to receiving device 71, geographical area 70 in this example. Since receiving device 83 is not within the geographical area 70 of the authorized receiving device 71, the actual round-trip response time is not within the predetermined response limit for geographical area 70, and the request for digital content is denied. This prevents unauthorized receiving device 83 from receiving the requested digital content.
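
The decision flow of FIG. 5 applied to the FIG. 4 scenario, as an added illustration in Python that is not part of the original specification. The per-area limits, link delays, simulated clock, device registry and the nonce echoed in the acknowledgement are assumptions made for the example.

```python
import secrets
from dataclasses import dataclass

# Constructed values: response time limits in seconds for geographical areas 60, 70, 80.
AREA_LIMITS = {60: 0.002, 70: 0.010, 80: 0.040}
# Constructed registry: authorized receiving device -> area it is registered in.
DEVICE_AREA = {71: 70}


class SimClock:
    """Deterministic stand-in for a monotonic clock so the example runs offline."""

    def __init__(self):
        self.now = 0.0

    def advance(self, seconds):
        self.now += seconds


@dataclass
class SimReceiver:
    """Receiving device behind a link with a fixed one-way delay (constructed)."""
    claimed_id: int       # identity presented, possibly with compromised secrets
    one_way_delay: float  # seconds

    def acknowledge(self, clock, nonce):
        clock.advance(self.one_way_delay)  # request for acknowledgement in transit
        ack = nonce                        # step 106: receiver answers
        clock.advance(self.one_way_delay)  # acknowledgement in transit
        return ack


def handle_request(receiver, clock):
    """Steps 100-118 of FIG. 5. Returns (granted, actual_rtt_seconds)."""
    area = DEVICE_AREA.get(receiver.claimed_id)
    if area is None:  # identity not registered: no limit to compare against
        return False, None
    limit = AREA_LIMITS[area]
    # Assumption, not in the specification: a fresh nonce ties the acknowledgement
    # to this request, so an acknowledgement sent ahead of time is not accepted.
    nonce = secrets.token_bytes(16)
    t1 = clock.now                            # step 104: record send time
    ack = receiver.acknowledge(clock, nonce)  # steps 102, 106, 108
    t2 = clock.now                            # step 110: record receive time
    rtt = t2 - t1                             # step 112
    granted = ack == nonce and rtt <= limit   # step 114 -> 118 or 116
    return granted, rtt


if __name__ == "__main__":
    cases = {
        "device 71 in area 70": SimReceiver(71, 0.003),
        "device 83 using device 71's secrets": SimReceiver(71, 0.015),
        "device 73 in area 70 using device 71's secrets": SimReceiver(71, 0.004),
    }
    for label, rx in cases.items():
        granted, rtt = handle_request(rx, SimClock())
        print(f"{label}: rtt={rtt * 1000:.1f} ms -> {'granted' if granted else 'denied'}")
```

The third case is the residual exposure stated in paragraph [0019]: a device inside area 70 that holds the compromised secrets still passes the timing check.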

[0021] As to alternative embodiments, those skilled in the art will appreciate that the present method for using communication channel round-trip response time for digital asset management may be implemented with alternative methods of determining a distance between the sending device and the receiving device. The geographical areas may be adjacent geographical areas as illustrated in FIG. 2, the geographical areas may overlap, or may be a geographical area anywhere on the global Internet many miles from the sending device. The predetermined geographical areas have been illustrated as circular areas but may be of any size and shape and may or may not be related to physical address characteristics such as area code or zip code. While the predetermined distance and the predetermined geographical areas have been described as having a predefined round-trip response time limit, alternative methods of comparing the actual round-trip response time to a threshold or a set of limits may be substituted.

[0022] It is apparent that there has been described a method for using communication channel round-trip response time for digital asset management that fully satisfies the objects, aims, and advantages set forth above. While the method for using communication channel round-trip response time for digital asset management has been described in conjunction with specific embodiments thereof, it is evident that many alternatives, modifications, and/or variations can be devised by those skilled in the art in light of the foregoing description. Accordingly, this description is intended to embrace all such alternatives, modifications and variations as fall within the spirit and scope of the appended claims.

What is claimed is:
1. A method for preventing distribution of digital content to a receiving device located within a predetermined distance of a sending device, the method comprising the steps of: at said sending device, receiving a request for digital content from said receiving device; in response to receiving said request, requesting an acknowledgement from said receiving device; in response to receiving said request for said acknowledgement, sending said acknowledgement to said sending device; in response to receiving said acknowledgement at said sending device; determining an actual round-trip response time for said request for said acknowledgement; and using said actual round-trip response time to determine if said receiving device is located within said predetermined distance of said sending device.
2. The method of claim 1 wherein the step of requesting an acknowledgement from said receiving device further comprises: substantially simultaneously to requesting said acknowledgement, recording a first time representing when said request for said acknowledgement was sent.
3. The method of claim 2 wherein the step of receiving said acknowledgement further comprises: substantially simultaneously to receiving said acknowledgement, recording a second time representing when said acknowledgement was received at said sending device.
4. The method of claim 3 wherein the step of determining a round-trip response time comprises: comparing said first time and said second time to determine said actual round-trip response time.
5. The method of claim 1 wherein said step of using said round-trip response time further comprises: comparing said actual round-trip response time to a predetermined response limit representing said predetermined distance, wherein if said actual round-trip response time is within said predetermined response limit, said request for digital content is granted and if said actual round-trip response time is not within said predetermined response level, denying said request for digital content.
6. A method for detecting a request for digital content from an unauthorized receiving device, the method comprising the steps of: establishing a predetermined reference between a sending device and an authorized receiving device, said predetermined reference having a corresponding predetermined response time; receiving said request for digital content at said sending device from said unauthorized receiving device; in response to receiving said request for digital content, sending a request for an acknowledgement to said unauthorized receiving device; in response to receiving said request for acknowledgement, sending said acknowledgement to said sending device; in response to receiving said acknowledgement at said sending device, determining an actual round-trip response time; and comparing said actual round-trip response time to said predetermined response time, wherein if said actual round-trip response time exceeds said predetermined round-trip response limit for said authorized receiving device, said unauthorized receiving device is not authorized to receive said digital content.
7. The detection method of claim 6 wherein the step of sending a request for an acknowledgement further comprises: substantially simultaneously to requesting said acknowledgement, recording a time representing when said request for said acknowledgement was sent to said receiving device.
8. The detection method of claim 7 wherein the step of receiving said acknowledgement from said receiving device further comprises: substantially simultaneously to receiving said acknowledgement, recording a receive time representing when said acknowledgement was received at said sending device.
9. The detection method of claim 7 wherein the step of determining an actual round-trip response time comprises: calculating a difference between said send time and said receive time to determine said actual round-trip response time.
10. The detection method of claim 6 wherein the step of determining an actual round-trip response time comprises: calculating a difference between sending said request for said acknowledgement from said sending device and receiving said acknowledgement at said sending device.
11. A method for preventing distribution of digital content from a source device to an unauthorized destination device located outside of a predetermined geographical area, the method comprising the steps of: receiving a request from a destination device for said digital content from said source device; in response to receiving said request for digital content, requesting an acknowledgement from said destination device; substantially simultaneously to sending said request for said acknowledgement, recording a first time denoting the time that said request for acknowledge was sent to said destination device; in response to receiving said acknowledgement request from said source device, sending an acknowledgement from said destination device to said source device; receiving said acknowledge at said source device from said destination device; substantially simultaneously to receiving said acknowledge at said source device, recording a second time denoting the time that said acknowledgement from said destination device was received at said source device; calculating a difference between said first time and said second time to determine a round-trip response time; and comparing said round-trip response time to a predetermined response limit representing said predetermined geographical area, if said round-trip response time exceeds said predetermined response limit, denying said request for digital content and if said round-trip response time does not exceed said predetermined response limit, granting said request for said digital content.